1. Field of the Invention
The present invention relates to a system for sharing electronic information through a programmed computer, and particularly, to a security system for electronic information shared among employees of different companies.
Improvements in computer networks are expanding the sharing of electronic information from among sections of the same company to among different companies. It is required to ensure the security of information shared among users and of the data about the users themselves.
2. Description of the Related Art
In this specification, a "requester" is a user who makes a request for sharing electronic information such as files. Throughout the accompanying drawings, like parts are represented with like reference marks. FIG. 1 shows a security system for shared electronic information according to a prior art. An input unit 21 and an output unit 22 are connected to a user interface 23 directly or through a LAN. A message entered by a requester into the input unit 21 is transferred to an objective unit through the user interface 23. The objective unit returns a reply, which is edited by the user interface 23, and the edited reply is transferred to the output unit 22. A user managing unit 24 manages data related to users, a user data manager 25 controls the data related to users, and a user level manager 26 determines the managing level of each user. Namely, the user level manager 26 determines whether a requester is a system managing user or a general user. User data 27 is in the form of a table. A sharing manager 28 manages users and electronic information shared by the users. Sharing data 29 is a list of electronic information and users that share the electronic information. An information manager 2A manages electronic information 2B. The electronic information 2B may be files, directories, or databases to be shared by users through networks.
The user data 27 is a database in the form of a table containing the names and managing levels of users.
FIG. 2 shows an example of the sharing data 29 containing the names of files and the names of users who share the files. In the example, there are three files a, b, and c. The file a is shared by users A2 and B1, the file b by users A3 and C1, and the file c by users A1, A2, A3, B1, and C1. When a requester enters a request for acquiring a list of users into the input unit 21, the user interface 23 transfers the request to the user level manager 26, which transfers the request to the user data manager 25. The user data manager 25 fetches a list of all users from the user data 27, and the user interface 23 transfers the list to the output unit 22. In this way, any requester can obtain a list of all users from the user data 27. When a requester, who is a user registered in the user data 27, enters a request for sharing the information 2B into the input unit 21, the user interface 23 analyzes the request and asks the sharing manager 28 to provide a list of users who share the information 2B. The sharing manager 28 returns the list, and the user interface 23 transfers the list to the output unit 22. Thereafter, the requester may select a user from the list on the output unit 22 and delete, change, or add the selected user with respect to the information 2B. The information manager 2A and sharing manager 28 cooperate with each other to ensure that only authorized users listed in the sharing data 29 access the information 2B.
If the user A1 of FIG. 2 makes a request for sharing the files a and b, which are presently isolated from the user A1, the user A1 can get the names of the users A2 and B1 that are sharing the file a and the users A3 and C1 that are sharing the file b. This is because the prior art is based on a client-server system formed on an intranet whose extent is limited to an office, in which there will be no problem even if every user looks at files and data about users. This, however, raises a security problem when information is shared by users belonging to different offices or companies through networks. It is necessary to limit the extent of information and user data to be retrieved by a user depending on a managing level given to the user.
According to the prior art, any registered user can retrieve a list of all users who share electronic information. Namely, the prior art allows each registered user to see a list of registered users, a list of electronic information, and a list of users who share the electronic information. This causes a problem when the electronic information is shared among companies that issue orders and companies that receive the orders.
An object of the present invention is to provide a system for ensuring the security of electronic information shared among companies and limiting the extent of electronic information and user data to be retrieved by a user depending on a managing level given to the user.
In order to accomplish the object, the present invention newly employs tenant data and a tenant data manager to provide a function of ensuring the security of user data. If a requester is a general user, the requester is allowed to refer to only data about users that are under a tenant to which the requester belongs and is prohibited from accessing data about users who are under tenants to which the requester does not belong. More precisely, the present invention provides a security system for electronic information sharing, having an input terminal with which a requester enters a request for sharing electronic information and an output terminal with which the requester receives a list of users who may share the electronic information. The security system is characterized by tenant data containing tenants and users belonging to the tenants and by a user-tenant managing unit for retrieving at least a tenant to which a requester belongs from the tenant data, preparing a list of users who belong to the retrieved tenant, and providing the requester with the prepared list through the output terminal.
The system also employs user data that contains users and managing levels related to the users. If the user data indicates that the requester is a system managing user, the user-tenant managing unit prepares a list of all users from the user data and provides the requester with the prepared list.
The system allows the system managing user to delete from, update, and add to the user data.
If the requester is a tenant managing user, the user-tenant managing unit retrieves at least a tenant to which the requester belongs from the tenant data, acquires a list of users who belong to the retrieved tenant from the tenant data, and provides the requester with the acquired list.
The system allows the tenant managing user to delete, update, and add data about the users who belong to the tenant to which the tenant managing user belongs.
The system also employs sharing data that specifies electronic information and users who share the electronic information. If the requester is a general user, the user-tenant managing unit retrieves at least a tenant to which the requester belongs from the tenant data and acquires a list of users who belong to the retrieved tenant from the tenant data. The system also employs a sharing manager that compares the acquired list with a list of users who share the electronic information for which the requester issues the sharing request, and prepares a list of users who are present in both the acquired list and the list of users who share the electronic information. This last list is given to the requester.
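The following added example (not part of the patent text) sketches the prior-art lookup beside the tenant-scoped lookup for the three managing levels, using the sharing data of FIG. 2. The tenant memberships, the managing level assigned to each user, the `root` account and all function names are assumptions made for illustration.

```python
# Sharing data 29 as given in FIG. 2: file -> users who share it.
SHARING = {"a": {"A2", "B1"}, "b": {"A3", "C1"},
           "c": {"A1", "A2", "A3", "B1", "C1"}}
# Constructed tenant data (assumption): tenant -> users belonging to it.
TENANTS = {"A": {"A1", "A2", "A3"}, "B": {"B1"}, "C": {"C1"}}
# Constructed user data (assumption): user -> managing level.
LEVELS = {"A1": "general", "A2": "tenant_manager", "A3": "general",
          "B1": "general", "C1": "general", "root": "system_manager"}


def prior_art_sharers(requester, file):
    """Prior art: any registered user sees every sharer of the file."""
    if requester not in LEVELS:
        raise PermissionError("unregistered requester")
    return set(SHARING[file])


def tenant_users(requester):
    """Union of users in every tenant the requester belongs to."""
    users = set()
    for members in TENANTS.values():
        if requester in members:
            users |= members
    return users


def visible_users(requester, file=None):
    """User list returned to the requester under the tenant-scoped scheme."""
    level = LEVELS.get(requester)
    if level is None:
        raise PermissionError("unregistered requester")
    if level == "system_manager":
        return set(LEVELS)              # all users from the user data
    scoped = tenant_users(requester)
    if level == "tenant_manager" or file is None:
        return scoped                   # own tenant(s) only
    # General user with a sharing request: keep only users present in both
    # the tenant list and the file's sharing list.
    return scoped & SHARING[file]


if __name__ == "__main__":
    for f in ("a", "b"):
        print(f, sorted(prior_art_sharers("A1", f)),
              sorted(visible_users("A1", f)))
```

For the general user A1, the prior-art lookup on file a discloses B1 from another tenant, while the tenant-scoped lookup returns only A2.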